On Mon, Jun 06, 2016 at 16:09:00 +0100, Daniel Berrange wrote:
Add support for a "tls_priority" URI parameter in remote driver URIs. eg
qemu+tls://localhost/session?tls_priority=NORMAL:-VERS-SSL3.0
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- docs/remote.html.in | 13 +++++++++++++ src/remote/remote_driver.c | 5 ++++- 2 files changed, 17 insertions(+), 1 deletion(-)
[...]
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 219cf47..5f02169 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c
[...]
@@ -774,6 +775,7 @@ doRemoteOpen(virConnectPtr conn, EXTRACT_URI_ARG_STR("pkipath", pkipath); EXTRACT_URI_ARG_STR("known_hosts", knownHosts); EXTRACT_URI_ARG_STR("known_hosts_verify", knownHostsVerify); + EXTRACT_URI_ARG_STR("tls_priority", tls_priority);
This copies the string from the URI.
EXTRACT_URI_ARG_BOOL("no_sanity", sanity); EXTRACT_URI_ARG_BOOL("no_verify", verify); @@ -845,12 +847,13 @@ doRemoteOpen(virConnectPtr conn, #ifdef WITH_GNUTLS priv->tls = virNetTLSContextNewClientPath(pkipath, geteuid() != 0 ? true : false, - NULL, + tls_priority, sanity, verify); if (!priv->tls) goto failed; priv->is_secure = 1; #else + (void)tls_priority; (void)sanity; (void)verify; virReportError(VIR_ERR_INVALID_ARG, "%s",
So tls_priority is leaked in doRemoteOpen. ACK with the above fixed.